Title Network risk management using attacker profiling
Publication Type Journal Article
Year of Publication 2009
Authors Dantu, R, Kolan, P, Cangussu, J
Journal Security and Communication Networks
Volume 2
Pagination 83-96
ISSN 1939-0122
Keywords attack graphs, behavior, risk management
Abstract

Risk management refers to the process of making decisions that minimize the effects of vulnerabilities on the network hosts. This can be a difficult task in the context of high-exploit probability and the difficult to identify new exploits and vulnerabilities. For many years, security engineers have performed risk analysis using economic models for the design and operation of risk-prone, technological systems using attack profiles. Based on the type of attacker identified, security administrators can formulate effective risk management policies for a network. We hypothesize that sequence of network actions by an attacker depends on the social behavior (e.g., skill level, tenacity, financial ability). We extended this and formulated a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior. This estimation is accomplished using behavior based attack graphs representing all the possible attack paths to all the critical resources. The risk level is computed based on these graphs and are used as a measure of the vulnerability of the resource and forming an effective basis for a system administrator to perform suitable changes to network configuration. Copyright © 2008 John Wiley & Sons, Ltd.

URL http://dx.doi.org/10.1002/sec.58
DOI 10.1002/sec.58

Publication Status:

UNT Department:

UNT Center: